Page 9 - index
P. 9
Cyber Security Protection Requires Teamwork, Collaboration &
Real Partnership
By Robert B. Dix, Jr., Vice President for Global Government Affairs and Public Policy, Juniper
Networks
Recent high profile data breaches in government and industry provide compelling evidence of the
growing cybersecurity challenge and its potential adverse impact on national and economic security
globally. No longer are the risks limited to website defacements and nuisance hacking; or even
identity theft and stealing credit card or bank account information; or even political hacktivists like
Anonymous or others. Events like the OPM breach, Sony attack, Target compromise, and others
vividly illustrate the growing capabilities and sophistication of criminals, nation states and even
terrorist organizations.
Although the topic of cybersecurity has elevated across the public and private sectors, and the
dialogue has driven greater awareness in Washington, DC, across the country and around the
world, there remains a great deal of confusion about what to do to contain and address the evolving
risk in cyberspace.
While it is important for Congress to pass meaningful legislation to improve cybersecurity
information sharing and provide sufficient liability protection for entities that share sensitive
information with the government, along with insuring appropriate privacy protections, there is much
more that needs to be done quickly to address cybersecurity preparedness and resilience in the
United States and around the world.
The Cybersecurity Information Sharing Act (CISA) of 2015 (S.754) is an important measure that will
certainly address some of the current challenges to the exchange of relevant cybersecurity
information between industry and government. However, it is important to note that information
sharing itself is not new and, in fact, has been going on between industry and government as well
as within and across industry for quite some time. The significant gap that remains and is largely
unaddressed by CISA or any other current proposal is the ongoing reluctance of government to
share timely and actionable cyber threat information and threat intelligence with the private sector.
That type of information, when available, is often withheld by government due to concerns about
classification of the information. Some opine that too much information is classified and over-
classified to the detriment of effective bi-directional information sharing. Importantly, such
information is a key ingredient to protection, preparedness and resilience in cyberspace. Better
understanding the tactics, techniques and procedure employed by the bad guys, along with the
attendant analysis to determine what protective measures, had they been in place, might have
prevented or reduced the impact of a cyber event is critical to making informed risk management
decisions and investments. There are some who seem to believe that passage of CISA will solve
the evolving and increasingly perilous cybersecurity challenge. While effective bi-directional
information sharing is a critical element, it is but a tool to achieving the real objective, which is
timely, reliable, and actionable situational awareness during steady state operations and throughout
thresholds of incident escalation.
9 Cyber Warnings E-Magazine – September 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
